Anti-spam for the CISO

We had a flurry of spam messages get through the mail scrubbers. The natural response is that the cyber security team should deal with it.

But, despite vendors selling to the CISO, is spam a CISO issue?

These people think it is

But I am not sure.

Why it is:

  • Er, it’s IT and it needs to be stopped.  Securely

Why it is not:

  • Spam, per se, does not affect the integrity of your systems
  • Spam, per se, does not affect the availability of your systems
  • Spam, per se, does not affect the confidentiality of your systems

The effect of someone clicking on a dodgy link might well be a compromise of your information. The disclosure of personal details might be a security incident.

But the anti-spam engine not working: is that really a CISO matter?
